Guide: running instant3Dhub with Proxy

Read First

This section contains a configuration examples for instant3Dhub with a proxy aswell as an example configuration for nginx. Use the nginx configuration at your own risk. This nginx configuration has no security. We support SSO mechanisms via cookie passthrough. Our backends authenticate to data backends via cookies or other custom HTTP headers.

instant3Dhub Configuration

Our deploys require a small set of variables which must be set for minimal deployments. This is done by adjusting the entrypoints variable either in our helmcharts or docker-compose variants to the external address under which the installation should run.

As an example, if the installation should run under a different path on a proxy server the entrypoints should be set as the full URL: https://example-proxy-server/extra/path/ This way internal components which deliver our webfrontend already know how to deliver addresses to get back to the the backend.

# entrypoints in values.yaml
entrypoints: [ "https://example-proxy-server/extra/path/" ]

For convenience we provide a nginx configuration as a reference below. It assumes the installation is running on 146.140.211.12:30101 and proxies anything under /hubproxy/ to the instance.

user nginx;
worker_processes  3;
error_log  /var/log/nginx/error.log info;
events {
  worker_connections  10240;
}

http {
  access_log  /var/log/nginx/access.log;
  server {
  client_max_body_size 100M;
  listen  80;
  proxy_read_timeout 7d;
  proxy_http_version 1.1;
  location ~ /hubproxy/(.*) {
    proxy_pass http://146.140.211.12:30101/$1$is_args$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
  }
  client_body_temp_path      /var/cache/nginx/client_body_temp;
  proxy_temp_path            /var/cache/nginx/proxy_temp;
  fastcgi_temp_path          /var/cache/nginx/fastcgi_temp;
  uwsgi_temp_path            /var/cache/nginx/uwsgi_temp;
  scgi_temp_path             /var/cache/nginx/scgi_temp;
  }
}

Origin Policy

By default instant3Dhub allows all origins meaning that any application that is accessible on a different domain can connect to it if there is no additional settings limiting such behaviour. This is done on purpose since instant3Dhub is meant to be used as a central component that can be used by different applications.

In order to prevent access from all origins on the proxy level one has to configure a proxy/load balancer (depending on a use case and requirements) which rewrite headers making possible to send required values for them.

For example to configure nginx to allow access only from the origin https://app.example.com, the following directive can be used

add_header 'Access-Control-Allow-Origin' "${scheme}://app.example.com" always;

---

Did you find this page useful? Please give it a rating:

★ ★ ★ ★ ★

Thank you for rating this page!

Any issues or feedback?

What kind of problem would you like to report?

• This page needs code samples
• Code samples do not work
• Information is missing
  Please tell us more about what's wrong:
• Information is incorrect
  Please tell us more about what's wrong:
• Information is unclear or confusing
  Please tell us more about what's wrong:
• The page is rendered incorrectly (styling/CSS)
• Give Feedback

Please tell us more about what's wrong: Name E-Mail Problem (required)